diff --git a/ydb/core/mon/async_http_mon.cpp b/ydb/core/mon/async_http_mon.cpp index bda324ae8848..2dec0b669fcd 100644 --- a/ydb/core/mon/async_http_mon.cpp +++ b/ydb/core/mon/async_http_mon.cpp @@ -245,9 +245,9 @@ class THttpMonLegacyActorRequest : public TActorBootstrappedCreateResponseString(response)); PassAway(); diff --git a/ydb/core/viewer/viewer.cpp b/ydb/core/viewer/viewer.cpp index 3f6f05f02e30..3fe596978c74 100644 --- a/ydb/core/viewer/viewer.cpp +++ b/ydb/core/viewer/viewer.cpp @@ -517,36 +517,12 @@ class TViewer : public TActorBootstrapped, public IViewer { if (type.empty()) { type = "application/json"; } - if (AllowOrigin) { - ctx.Send(ev->Sender, new NMon::TEvHttpInfoRes( - "HTTP/1.1 204 No Content\r\n" - "Access-Control-Allow-Origin: " + AllowOrigin + "\r\n" - "Access-Control-Allow-Credentials: true\r\n" - "Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n" - "Access-Control-Allow-Methods: OPTIONS, GET, POST\r\n" - "Allow: OPTIONS, GET, POST\r\n" - "Content-Type: " + type + "\r\n" - "Connection: Keep-Alive\r\n\r\n", 0, NMon::IEvHttpInfoRes::EContentType::Custom)); - } else { - TString origin = TString(msg->Request.GetHeader("Origin")); - if (!origin.empty()) { - ctx.Send(ev->Sender, new NMon::TEvHttpInfoRes( - "HTTP/1.1 204 No Content\r\n" - "Access-Control-Allow-Origin: " + origin + "\r\n" - "Access-Control-Allow-Credentials: true\r\n" - "Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n" - "Access-Control-Allow-Methods: OPTIONS, GET, POST\r\n" - "Allow: OPTIONS, GET, POST\r\n" - "Content-Type: " + type + "\r\n" - "Connection: Keep-Alive\r\n\r\n", 0, NMon::IEvHttpInfoRes::EContentType::Custom)); - } else { - ctx.Send(ev->Sender, new NMon::TEvHttpInfoRes( - "HTTP/1.1 204 No Content\r\n" - "Allow: OPTIONS, GET, POST\r\n" - "Content-Type: " + type + "\r\n" - "Connection: Keep-Alive\r\n\r\n", 0, NMon::IEvHttpInfoRes::EContentType::Custom)); - } - } + TStringBuilder response; + response << "HTTP/1.1 204 No Content\r\n"; + FillCORS(response, msg); + response << "Content-Type: " + type + "\r\n" + "Connection: Keep-Alive\r\n\r\n"; + Send(ev->Sender, new NMon::TEvHttpInfoRes(response, 0, NMon::IEvHttpInfoRes::EContentType::Custom)); return; } TString path("/" + msg->Request.GetPage()->Path + msg->Request.GetPathInfo()); @@ -649,11 +625,15 @@ void TViewer::FillCORS(TStringBuilder& stream, const TRequestState& request) { } else if (request && request->Request.GetHeaders().HasHeader("Origin")) { origin = request->Request.GetHeader("Origin"); } + if (origin.empty()) { + origin = "*"; + } if (origin) { stream << "Access-Control-Allow-Origin: " << origin << "\r\n" << "Access-Control-Allow-Credentials: true\r\n" - << "Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n" - << "Access-Control-Allow-Methods: OPTIONS, GET, POST\r\n"; + << "Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept,X-Trace-Verbosity,X-Want-Trace\r\n" + << "Access-Control-Allow-Methods: OPTIONS, GET, POST, DELETE\r\n" + << "Allow: OPTIONS, GET, POST, DELETE\r\n"; } }